Chapter 17 Domain Name System: DNS Objectives Upon completion you will be able to: • Understand how the DNS is organized • Know the domains in the DNS • Know how a name or address is resolved • Be familiar with the query and response formats • Understand the need for DDNS TCP/IP Protocol Suite CuuDuongThanCong.com https://fb.com/tailieudientucntt 17.1 NAME SPACE The names assigned to machines must be unique because the addresses are unique A name space that maps each address to a unique name can be organized in two ways: flat or hierarchical The topics discussed in this section include: Flat Name Space Hierarchical Name Space TCP/IP Protocol Suite CuuDuongThanCong.com https://fb.com/tailieudientucntt 17.2 DOMAIN NAME SPACE The domain name space is hierarchical in design The names are defined in an inverted-tree structure with the root at the top The tree can have 128 levels: level (root) to level 127 The topics discussed in this section include: Label Domain Name Domain TCP/IP Protocol Suite CuuDuongThanCong.com https://fb.com/tailieudientucntt Figure 17.1 Domain name space TCP/IP Protocol Suite CuuDuongThanCong.com https://fb.com/tailieudientucntt Figure 17.2 Domain names and labels TCP/IP Protocol Suite CuuDuongThanCong.com https://fb.com/tailieudientucntt Figure 17.3 FQDN and PQDN TCP/IP Protocol Suite CuuDuongThanCong.com https://fb.com/tailieudientucntt Figure 17.4 Domains TCP/IP Protocol Suite CuuDuongThanCong.com https://fb.com/tailieudientucntt 17.3 DISTRIBUTION OF NAME SPACE The information contained in the domain name space is distributed among many computers called DNS servers The topics discussed in this section include: Hierarchy of Name Servers Zone Root Server Primary and Secondary Servers TCP/IP Protocol Suite CuuDuongThanCong.com https://fb.com/tailieudientucntt Figure 17.5 Hierarchy of name servers TCP/IP Protocol Suite CuuDuongThanCong.com https://fb.com/tailieudientucntt Figure 17.6 Zones and domains TCP/IP Protocol Suite CuuDuongThanCong.com https://fb.com/tailieudientucntt 10 Figure 17.20 Format of an offset pointer TCP/IP Protocol Suite CuuDuongThanCong.com https://fb.com/tailieudientucntt 35 Example A resolver sends a query message to a local server to find the IP address for the host “chal.fhda.edu.” We discuss the query and response messages separately Figure 17.21 shows the query message sent by the resolver The first bytes show the identifier (1333) It is used as a sequence number and relates a response to a query Because a resolver may even send many queries to the same server, the identifier helps to sort responses that arrive out of order The next bytes contain the flags with the value of 0x0100 in hexadecimal In binary it is 0000000100000000, but it is more meaningful to divide it into the fields as shown below: QR OpCode 0000 TCP/IP Protocol Suite CuuDuongThanCong.com AA TC RD RA Reserved 0 000 https://fb.com/tailieudientucntt rCode 0000 36 Figure 17.21 Example 1: Query message TCP/IP Protocol Suite CuuDuongThanCong.com https://fb.com/tailieudientucntt 37 Example (Continued) The QR bit defines the message as a query The OpCode is 0000, which defines a standard query The recursion desired (RD) bit is set (Refer back to Figure 17.16 for the flags field descriptions.) The message contains only one question record The domain name is 4chal4fhda3edu0 The next bytes define the query type as an IP address; the last bytes define the class as the Internet Figure 17.22 shows the response of the server The response is similar to the query except that the flags are different and the number of answer records is one The flags value is 0x8180 in hexadecimal In binary it is 1000000110000000, but again we divide it into fields as shown below: QR OpCode 0000 TCP/IP Protocol Suite CuuDuongThanCong.com AA TC RD RA Reserved rCode 0 1 000 0000 https://fb.com/tailieudientucntt 38 Example (Continued) The QR bit defines the message as a response The OpCode is 0000, which defines a standard response The recursion available (RA) and RD bits are set The message contains one question record and one answer record The question record is repeated from the query message The answer record has a value of 0xC00C (split in two lines), which points to the question record instead of repeating the domain name The next field defines the domain type (address) The field after that defines the class (Internet) The field with the value 12,000 is the TTL (12,000 s) The next field is the length of the resource data, which is an IP address (153.18.8.105) TCP/IP Protocol Suite CuuDuongThanCong.com https://fb.com/tailieudientucntt 39 Figure 17.22 Example 1: Response message TCP/IP Protocol Suite CuuDuongThanCong.com https://fb.com/tailieudientucntt 40 Example An FTP server has received a packet from an FTP client with IP address 153.2.7.9 The FTP server wants to verify that the FTP client is an authorized client The FTP server can consult a file containing the list of authorized clients However, the file consists only of domain names The FTP server has only the IP address of the requesting client, which was the source IP address in the received IP datagram The FTP server asks the resolver (DNS client) to send an inverse query to a DNS server to ask for the name of the FTP client We discuss the query and response messages separately TCP/IP Protocol Suite CuuDuongThanCong.com https://fb.com/tailieudientucntt 41 Example (Continued) Figure 17.23 shows the query message sent from the resolver to the server The first bytes show the identifier (0x1200) The flags value is 0x0900 in hexadecimal In binary it is 0000100100000000, and we divide it into fields as shown below: QR OpCode AA TC RD RA Reserved 0 000 0001 rCode 0000 The OpCode is 0001, which defines an inverse query The message contains only one question record The domain name is 19171231537in-addr4arpa The next bytes define the query type as PTR, and the last bytes define the class as the Internet TCP/IP Protocol Suite CuuDuongThanCong.com https://fb.com/tailieudientucntt 42 Figure 17.23 Example 2: Inverse query message TCP/IP Protocol Suite CuuDuongThanCong.com https://fb.com/tailieudientucntt 43 Example (Continued) Figure 17.24 shows the response The flags value is 0x8D80 in hexadecimal In binary it is 1000110110000000, and we divide it into fields as shown below: QR OpCode AA TC RD RA Reserved 0001 1 000 TCP/IP Protocol Suite CuuDuongThanCong.com rCode 0000 https://fb.com/tailieudientucntt 44 Figure 17.24 Example 2: Inverse response message TCP/IP Protocol Suite CuuDuongThanCong.com https://fb.com/tailieudientucntt 45 Example In UNIX and Windows, the nslookup utility can be used to retrieve address/name mapping The following shows how we can retrieve an address when the domain name is given $ nslookup fhda.edu Name: fhda.edu Address: 153.18.8.1 The nslookup utility can also be used to retrieve the domain name when the address is given as shown below: $ nslookup 153.18.8.1 1.8.18.153.in-addr.arpa name = tiptoe.fhda.edu TCP/IP Protocol Suite CuuDuongThanCong.com https://fb.com/tailieudientucntt 46 17.9 DDNS The Dynamic Domain Name System (DDNS) updates the DNS master file dynamically TCP/IP Protocol Suite CuuDuongThanCong.com https://fb.com/tailieudientucntt 47 17.10 ENCAPSULATION DNS uses UDP as the transport protocol when the size of the response message is less than 512 bytes If the size of the response message is more than 512 bytes, a TCP connection is used TCP/IP Protocol Suite CuuDuongThanCong.com https://fb.com/tailieudientucntt 48 Note: DNS can use the services of UDP or TCP using the well-known port 53 TCP/IP Protocol Suite CuuDuongThanCong.com https://fb.com/tailieudientucntt 49 ... Flat Name Space Hierarchical Name Space TCP/IP Protocol Suite CuuDuongThanCong.com https://fb.com/tailieudientucntt 17.2 DOMAIN NAME SPACE The domain name space is hierarchical in design The names... 17.9 DDNS The Dynamic Domain Name System (DDNS) updates the DNS master file dynamically TCP/IP Protocol Suite CuuDuongThanCong.com https://fb.com/tailieudientucntt 47 17.10 ENCAPSULATION DNS uses... COMPRESSION DNS requires that a domain name be replaced by an offset pointer if it is repeated DNS defines a 2-byte offset pointer that points to a previous occurrence of the domain name or part